CVE-2019-12329 is an address bar spoofing vulnerability in the DuckDuckGo browser for Android version 5.26.0. The browser has more than 5 million installations, and its users are exposed to URL spoofing attacks. The vulnerability was discovered by security researcher Dhiraj…
The popular Flipboard online service has been hacked by an unknown criminal collective. According to the published information by the company unknown hackers have been able to hijack a database containing the credentials of the registered users. Hackers Hijacked Flipboard’s…
The Winnti Trojan Horse has been found to have a new iteration as users shave fallen victim to a new Linux version of the malware. What’s dangerous about this release is the fact that it was used in a hack…
Did you hear about the most dangerous laptop in the world, infected with some of the most devastating viruses? The laptop, a 2008 Samsung 10.2-inch NC10-14GB netbook, has been sold in an auction for $1.35 million by an unknown individual.…
Complex malware are continuously being developed by hacking groups worldwide, the best of which go through numerous incarnations. The infamous XLoader Android and iOS spyware has been found to infect users in a new attack campaign spreading a new version.…
Canva, the Australia-based graphic-design online application, has been hit by an enormous data breach. Apparently, the usernames and email addresses of 139 million users of Canva have been exposed. Passwords were also obtained but they remain intact as they are…
An unpatched vulnerability in macOS 10.14.5 also known as Mojave was recently discovered. The flaw could allow an attacker to execute arbitrary code without the need of user interaction, thus bypassing Gatekeeper. This discovery comes from researcher Filippo Cavallarin from…
Criminals have devised a new malware tactic which is known as the SensorID attack and it is capable of overcoming the security of Android and iOS devices. It is designed to track users by abusing the sensors of these devices.…
Another proof-of-concept about a zero-day exploit affecting Windows 10 has been released. The PoC code is published on GitHub and comes from an anonymous researcher or possible hacker known as SandboxEscaper, and that’s the fifth time the hacker releases a…
Another large-scale data incident has been reported, this time affecting Instagram users. More specifically, information belonging to millions Instagram influencers, celebrities and brand accounts has been exposed online. The database was hosted by Amazon Web Services, TechCrunch reported, and it…
Adware generally doesn’t fall into the same category as malicious software. However, a recent research conducted by researchers at Concordia University in Montreal, Canada, reveals that adware is in fact very similar to malicious code and its techniques. To prove…
A total of 12,564 unsecured MongoDB databases have been deleted in the course of three weeks. A message is left after the deletion prompting databases’ owners to get in touch with the hackers to have the data restored. Thousands of…
The latest security report from a research team sheds light on a very serious issue in cybersecurity — airplanes can be easily hacked by criminals. According to the released information this is not the result of a vulnerability, but of…
A radical new approach is being utilized by hackers who want to blackmail victims of their ransomware to pay them a decryption fee. The new strategy is to encrypt developer repositories on popular services like GitHub and BitBucket by breaking…
Personal and passport information belonging to more than 2.25 million citizens of Russia has been leaked through government websites. Information of government employees and politicians is also exposed, according to findings by Ivan Begtin, co-founder of a Russian NGO known…
Evasion of detection mechanisms used by security companies has always been a goal for cybercriminals. And it seems they have found a new way to improve these efforts. The new method is based on SSL/TLS signature randomization, and is given…
Microsoft’s May 2019 Patch Tuesday has already rolled out, containing fixes for 79 vulnerabilities in a number of products. The rollout also includes a security update for Windows XP and Server 2003, which were not included in the mainstream customer…
The North Korean hacker collective known as ScarCruft has been found to use a new infiltration device — a Bluetooth harvesting tool allowing them to acquire a lot of sensitive information about the victim devices. The group is alternatively known…
A race condition vulnerability tracked as CVE-2019-11815 has been found in Linux machines running distros with kernels prior to 5.0.8. The flaw could lead to a use after free, related to net namespace cleanup, exposing vulnerable systems to remote attacks,…
CVE-2019-1649 is a severe vulnerability in Cisco products. Also dubbed Thrangrycat, the exploit could allow attackers to implant persistent backdoor on a wide range of devices in enterprise and government networks. Devices could be routers, switches, and firewalls that support…
